File Coverage

blib/lib/Net/Cisco/ObjectGroup.pm

Criterion	Covered	Total	%
statement	25	25	100.0
branch	19	22	86.3
condition	3	3	100.0
subroutine	5	5	100.0
pod	1	1	100.0
total	53	56	94.6

line	stmt	bran	cond	sub	pod	time	code
1							package Net::Cisco::ObjectGroup;
2
3	7			7		167830	use strict;
	7					16
	7					325
4	7			7		40	use warnings FATAL => qw(all);
	7					16
	7					552
5
6							our $VERSION = '1.01';
7							$VERSION = eval $VERSION; # numify for warning-free dev releases
8
9	7			7		12349	use UNIVERSAL::require;
	7					12359
	7					69
10	7			7		189	use Carp;
	7					14
	7					3740
11
12							sub new {
13	22			22	1	6460	my $dummy_class = shift;
14	22					43	my $arg_ref = shift;
15
16	22	100				269	croak 'missing parameter "type"' if !defined $arg_ref->{type};
17	21	100				305	croak "unrecognized object-group type: '$arg_ref->{type}'"
18							if $arg_ref->{type} !~ m/^(?:icmp\|network\|protocol\|service\|port)$/i;
19
20	20	100				156	croak 'missing parameter "name"' if !defined $arg_ref->{name};
21	19	100				390	croak "bad object-group name: '$arg_ref->{name}'"
22							if $arg_ref->{name} !~ m/^[a-zA-Z0-9_.-]{1,64}$/;
23
24	16	100	100			311	croak 'bad description' if exists $arg_ref->{description}
25							and length $arg_ref->{description} > 200;
26
27	15	50				160	my $type = $arg_ref->{type} =~ m/icmp/i ? 'ICMP'
		100
		100
		100
28							: $arg_ref->{type} =~ m/network/i ? 'Network'
29							: $arg_ref->{type} =~ m/protocol/i ? 'Protocol'
30							: $arg_ref->{type} =~ m/(?:service\|port)/i ? 'Service'
31							: croak 'please submit a bug report against this module';
32
33	15					46	my $class = 'Net::Cisco::ObjectGroup::'. $type;
34	15	50				160	$class->require or
35							croak "couldn't load '$class' (maybe you forgot to install it?)";
36
37	15					539	my $og = $class->new({
38							type => lc $type,
39							name => $arg_ref->{name},
40							desc => $arg_ref->{description},
41							objs => [],
42							});
43
44	15	50				372	$og->_init( $arg_ref ) if $og->can('_init');
45
46	13					60	return $og;
47							}
48
49							1;
50
51							=head1 NAME
52
53							Net::Cisco::ObjectGroup - Generate Cisco ACL object groups
54
55							=head1 VERSION
56
57							This document refers to version 1.01 of Net::Cisco::ObjectGroup.
58
59							=head1 SYNOPSIS
60
61							use Net::Cisco::ObjectGroup;
62							my $og = Net::Cisco::ObjectGroup->new({
63							type => 'icmp'
64							name => 'friendly_icmp',
65							description => 'ICMP types we like', # optional
66							pretty_print => 1, # optional
67							});
68
69							$g->push({icmp_type => 8}); # this is an echo request
70							$g->push({group_object => $another_objectgroup_object});
71
72							print $g->dump, "\n";
73							# prints the object-group configuration commands to STDOUT, something like:
74
75							object-group icmp friendly_icmp
76							description ICMP types we like
77							icmp-object echo
78							group-object other_icmp_types
79
80							=head1 DESCRIPTION
81
82							Use this module to manage the presentation of Cisco PIX or FWSM Object Groups.
83							Group entries are pushed into the object in a simple parmaterized fashion, and
84							you can then dump the content in a format that is parsable by Cisco devices.
85
86							=head1 IMPORTANT NOTE
87
88							This module's error checking is only concerned with B.
89							It makes no judgement of the I of your group entries.
90
91							For instance, newer FWSM systems use netmasks specified in terms of host
92							address network masks (e.g. C<255.255.255.0>), whereas older systems use
93							wildcard bits (e.g. C<0.0.0.255>). C will not check
94							that you use the correct type of mask, or even that your mask isn't something
95							completely inappropriate (e.g. C).
96
97							=head1 METHODS
98
99							=head2 C<< Net::Cisco::ObjectGroup->new >>
100
101							Each object group that you manage must be created through this method, which
102							takes at least two parameters: the C and the C of the object
103							group. The parameters must be provided in a single hash reference argument,
104							like so:
105
106							my $g = Net::Cisco::ObjectGroup->new({
107							type => 'network',
108							name => 'my_new_object_group',
109							description => 'used for something useful', # optional
110							});
111
112							Optionally you may also provide a description of the group. For details of
113							the types of object group available, and additional parameters to this method
114							that they accept, see L, below.
115
116							C is actually a factory class, and this method
117							returns an object of the type that you requested in the C parameter. All
118							objects inherit from C, and on success this
119							method will return an instance of one of the following:
120
121							=over 4
122
123							=item *
124
125							Net::Cisco::ObjectGroup::ICMP
126
127							=item *
128
129							Net::Cisco::ObjectGroup::Network
130
131							=item *
132
133							Net::Cisco::ObjectGroup::Protocol
134
135							=item *
136
137							Net::Cisco::ObjectGroup::Service
138
139							=back
140
141							=head2 C
142
143							Use this method to add an entry to the object group. Although according to
144							Cisco's documentation order of the content of an object group is not
145							significant, this module will preseve the order of pushed entries, with new
146							entries being added to the end of the list of items in the group.
147
148							Parameters are all passed within a single hash reference argument. Which keys
149							of that hash you populate will depend on the type of the object group on which
150							you are operating. Logic within the module should check that you are
151							syntactically correct, but for brevity of this documentation you are referred
152							to the many Cisco manuals containing object group syntax usage guidelines.
153
154							See L, below, for parameter specifics.
155
156							=head2 C
157
158							This method generates and returns the object group as it would look in a Cisco
159							configuration file.
160
161							The returned value is a scalar, with embedded newline characters and no
162							terminating newline, so you will need to append that as required. Note that
163							when submitting this to, for example, a L session via
164							C, a newline will be automatically appended by that method.
165
166							Fully compatible Cisco commands are produced on the fly from the data stored
167							in the C object, so you can C and C
168							repeatedly to your heart's content.
169
170							=head1 GROUP TYPES
171
172							Following Cisco configuration guidelines, there are four types of object group
173							available to you. Each of them implements a C object method to
174							populate the group, with custom parameters as described below.
175
176							=head2 ICMP
177
178							The C method to C will also accept a
179							C parameter, which if set to a true value, enables the
180							substitution of some numeric ICMP types for their text aliases within the
181							output from C.
182
183							The C method for ICMP object groups accepts the following parameters:
184
185							=over 4
186
187							=item C
188
189							Fill this value in your parameter hash with an ICMP type. As mentioned above,
190							it is your responsibility to enter something that the Cisco device will parse
191							(e.g. a recognised ICMP type name or IANA assigned number).
192
193							=item C
194
195							Use this parameter to refer to another ICMP object group in this group entry.
196
197							=back
198
199							=head2 Network
200
201							The C method for Network object groups accepts the following parameters:
202
203							=over 4
204
205							=item C, C
206
207							At a minimum, if configuring a network address, you must pass the C
208							parameter. If C is omitted, then the C is assumed to be a
209							host address (32 bit netmask). Otherwise, specify a netmask in C.
210
211							=item C
212
213							Use this parameter to refer to another Network object group in this group
214							entry.
215
216							=back
217
218							=head2 Protocol
219
220							The C method to C will also accept a
221							C parameter, which if set to a true value, enables the
222							substitution of some protocol numbers for their text aliases within the output
223							from C.
224
225							The C method for Protocol object groups accepts the following
226							parameters:
227
228							=over 4
229
230							=item C
231
232							Fill this value in your parameter hash with a protocol type. As mentioned
233							above, it is your responsibility to enter something that the Cisco device will
234							parse (e.g. a recognised protocol name or IANA assigned number).
235
236							=item C
237
238							Use this parameter to refer to another Protocol object group in this group
239							entry.
240
241							=back
242
243							=head2 Service
244
245							The C method to C will also accept a
246							C parameter, which if set to a true value, enables the
247							substitution of some port numbers for their corresponding service names within
248							the output from C.
249
250							The C method for Service object groups I the following
251							additional parameter:
252
253							=over 4
254
255							=item C
256
257							Service object groups must be specified with any of three possible IP protocol
258							groups, C, C or C in this parameter.
259
260							=back
261
262							The C method for Service object groups accepts the following parameters:
263
264							=over 4
265
266							=item C, C, C
267
268							If specifying one or more services (rather than a group, as below), then at a
269							minimum the C and C parameters must be completed. C may
270							be either C or C, and if the latter then C must also
271							contain the corresponding service to make a range.
272
273							As mentioned above, it is your responsibility to enter values for C and
274							C that the Cisco device will parse (e.g. a recognised service name or
275							IANA assigned number).
276
277							=item C
278
279							Use this parameter to refer to another Service object group in this group
280							entry.
281
282							=back
283
284							You may encounter the following diagnostic messages from Protocol groups:
285
286							=over 4
287
288							=item C
289
290							This is a required parameter to the C class method when specifying an
291							object group type of C (or C).
292
293							=item C...
294
295							You have used an unrecognized value for the C parameter to C.
296
297							=item C
298
299							The C parameter is missing in your call to C.
300
301							=item C...
302
303							You have used an unrecognized value for the C parameter to C.
304
305							=back
306
307							=head1 DIAGNOSTICS
308
309							=over 4
310
311							=item C...
312
313							At a minimum please supply an object group or other required parameter.
314
315							=item C...
316
317							Likewise you should not specify I an object group and type-specific
318							paramters.
319
320							=item C
321
322							Referenced object groups must be of the same type as the group they are
323							referenced from.
324
325							=item C
326
327							You forgot to specify the C parameter to C<<
328							Net::Cisco::ObjectGroup->new >>.
329
330							=item C...
331
332							The group type must be one of C, C, C, C or
333							C.
334
335							=item C
336
337							You forgot to specify the C parameter to C<<
338							Net::Cisco::ObjectGroup->new >>.
339
340							=item C...
341
342							Object group names must be between one and 64 characters comprising only
343							upper and lowercase letters, digits, underscore, period and hyphen.
344
345							=item C
346
347							The length of the description must not exceed 200 characters.
348
349							=back
350
351							=head1 DEPENDENCIES
352
353							Other than the contents of the standard Perl distribution, you will need the
354							following:
355
356							=over 4
357
358							=item *
359
360							UNIVERSAL::require
361
362							=item *
363
364							Class::Data::Inheritable
365
366							=item *
367
368							Class::Accessor >= 0.25
369
370							=back
371
372							=head1 BUGS
373
374							If you spot a bug or are experiencing difficulties that are not explained
375							within the documentation, please send an email to oliver@cpan.org or submit a
376							bug to the RT system (http://rt.cpan.org/). It would help greatly if you are
377							able to pinpoint problems or even supply a patch.
378
379							=head1 SEE ALSO
380
381							L, L
382
383							=head1 AUTHOR
384
385							Oliver Gorwits C<< >>
386
387							=head1 COPYRIGHT & LICENSE
388
389							Copyright (c) The University of Oxford 2008.
390
391							This library is free software; you can redistribute it and/or modify it under
392							the same terms as Perl itself.
393
394							=cut